As dependence on computer systems and computer networks increases along with the sophistication and the frequency of attacks on computer systems and computer networks, the subject of computer security is becoming ever more prominent in the industry. Computer security techniques are presently used to protect users of the computer systems and the application programs and operating systems from malicious software (“malware”)—e.g., viruses, worms, and Trojans—designed specifically damage or disrupt a computer system, and other undesirable activity.
To guard against the risk of malware, protection technologies, such as anti-malware software are often employed. For example, anti-malware software programs can scan computer systems to detect malware embedded within infected computer files. Once detected, the malware can be removed from infected files, the infected files may be quarantined, or the infected file may be deleted from the computer system.
Anti-malware software is currently designed to use known patterns, or signatures, to detect and remove malware infections, including “spyware” from computer operating systems and networks. For example, the anti-malware software can look for these patterns in an operating system's data stores, in memory, or over a variety of network protocols. After the failure or successful removal of the malware, anti-malware software typically provides the protected computer system administrator or network operator information surrounding the “cleaning event,” which is typically referred to as an event or alert. For example, upon successfully or unsuccessfully cleaning malware off a computer system, the anti-malware provides a single event that declares that the machine is now “clean” and in a known good state. The information can include a friendly virus name, a list of the actions taken, and a date/time reference, amongst other information recorded at the time. A difficulty with the information provided after an infection is detected by today's anti-malware software is that system administrators are unable to determine the root cause or origin of that malicious code. Another difficulty with the information provided by the anti-malware software is that the information does not allow the system administrators to assess the scope of the damage caused subsequent to the initial infection.